Ransomware victims paid an estimated $813 million in 2024, and nearly 40% of that amount went to actors in Russia, China, and North Korea, a new analysis has found.
According to cybersecurity company Heimdal, which conducted the analysis, the findings offer new visibility into where ransomware profits go. But of course, they also raise questions about what governments, infrastructure providers, and regulators can do to disrupt the cash flow.
Heimdal used recent telemetry, infrastructure tracing, and ownership mapping to assess how ransomware revenue is likely distributed through opaque networks and front entities.
For instance, if the 2024 $813 million ransomware payments were distributed proportionally, about $211 million would likely go to entities in Russia, which, together with China and North Korea, could account for roughly 38% of total payouts, said Heimsal in a blog post.
It’s pretty typical for organized criminals – and cybercrooks are definitely organized these days – to obscure their shady operations with the help of shell companies. That’s indeed what’s happening.
One example is a firm called Razi Network, registered in Germany and appearing in European IP registry data – but not in German business records. To Heimdal, this is “a sign of regulatory blind spots.”
In a similar scheme, North Korea’s APT38, a hacking outfit responsible for daring cryptocurrency thefts, has been linked to operations from Panama-based IP ranges, showing how attackers exploit jurisdictions with weak oversight.
The conversation on this topic is live. Join in the discussion.
Ransomware gangs often operate through a combination of national and transnational front companies. Shell corporations and flexible address registries are often employed to evade attribution and delay enforcement efforts.
“These findings highlight a core issue. Ransomware thrives on cheap, accessible infrastructure and the ability to hide within global compliance loopholes,” said Heimdal.
According to Chainalysis, the total volume of ransom payments decreased by approximately 35% last year.
According to the researchers, in order to change the calculus, governments, industry, and enterprises “must target the economic foundations of ransomware: ease of set-up, monetization, and concealment.”
On the other hand, the trend in the ransomware landscape might be improving. According to Chainalysis, the total volume of ransom payments decreased by approximately 35% last year.
This was driven by “increased law enforcement actions, improved international collaboration, and a growing refusal by victims to pay,” said the blockchain data platform.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked